Project Overview:
The goal of the project is to improve current IPv6 honeypot (6Guard) detection mechanism for various latest IPv6 attacks, get the results and have a proper logging method. Currently IPv6 honeypot (6Guard) is capable to detect certain IPv6 attacks. As there are various new IPv6 attacks technique discovered and tools were released since last year, we need to improve the detection mechanism. For example, it should be able to fully detect the attack scenarios with various Extension headers combination, fragmentation techniques, RA-Guard bypass tricks, packet DoS attempts and etc. We also need a proper logging mechanism for the collected results, e,g, a DB for better results analysis.

Project Plan:

May 27th - June 17th: Community Bonding Period

June 17th : GSoC 2013 coding officially starts

June 17th - July 1st: Write a standalone module to check the packet extension header in details and add it to 6Guard

July 2nd - July 16st: Write a standalone module to reassemble the normal fragments and add it to 6Guard

July 17st - July 31st: Write a standalone module to reassemble the overlapping fragments and it to 6Guard

July 9st - July 28st: Write more standalone modules to detect more new attacks in THC-IPv6

July 29 - August 2: Submit the middle evaluation to Google.

August 3 - August 23:Write a log module and improve the logging mechanism of 6Guard

August 24 - Semptember 19: Write more standalone modules to detect more new attacks in Nmap and other tools

September 20 - September 27th: Submit sample codes to Google.

Project Deliverables:
The new version of 6Guard will be able to detect attacks from latest thc-ipv6 tools ,nmap and other tools, including the abuse of extension headers ,fragment attacks. Besides, 6Guard will have a good and easy-to-use log module to log the attack information